Posted
by
kdawsonon Tuesday November 28, 2006 @06:32PM
from the bug-me-not dept.

netbuzz writes, "A fellow teaching himself Seam has come up with a clever Web app called 10 Minute Mail. It gives you a valid e-mail address — instantly — for use in registering at Web sites. Ten minutes later (more if you ask), it's gone. You can read mail and reply to it from the page where you create the throw-away address. Limited utility, yes, but easy and free."

I was curious as to how TMM [10minutemail.com] stacked up against mailinator [mailinator.com], my anonymous email of choice; mailinator has a time-limit of several hours, and its interface is slightly more elegant.

Mailinator is a great and possibly better alternative to TMM. It appears that the email address TMM generates does expire in such a way that it rejects email to the address you are given after a period of time (10 minutes). With mailinator, the email address never expires, but mail that is delivered tends to be purged after a few hours. Mailinator works so well that I have found some sites don't let you use mailinator addresses in the sign up process. Luckily they have set up alternative domains that point their mail to mailinator's servers allowing you to use alternative domain names in your temporarily email address.

I once used an anonymous mail program some "many" years ago and got busted by a sys admin. But I didn't go through the mail server, and to this day I don't know how I got caught. Is Mailinator any better? I did it as a prank to a friend and it backfired on me the worst way and haven't tried this stuff ever since.

For $10 plus travel expenses, I'll come down to your house and yank the cord associated with your internet connection. I think that should take care of the problem fairly well. No promises on receiving the mail you do want though.

On a site I run, we've had constant problems with saboteurs using these kind of services for creating accounts in order to spam some paint chat rooms we've set up. We've been forced to restrict access to new users, and other measures. To sum it up: It's good that e-mail addresses are easy to create, but it's bad that e-mail addresses are easy to create.

I've been using Mailinator for throw-away web page signups for years, but I use Sneakemail [sneakemail.com] for the purchasing sites where I'd like to be notified about shipments, etc.

I have to say I like the idea of a 10 minute window. Several hours means I can't really use it to have them send me passwords, as I frequently have name collisions at Mailinator.

In the same vein, I dislike the lack of a "roll-your-own" email address that Mailinator offers. With Mailinator, I can simply type john@mailinator.com and not worry about visiting Mailinator's site first. With TMM, I have to hit their site to get the randomly generated mail40367@10minutemail.com address (and yes, they're slashdotted at the moment.)

How about Vs. GMail? Ever heard of plus-addressing? I've been using it lately with great results.

myemail+anythingelse@gmail.com always goes straight to myemail@gmail.com, BUT with a distinct TO address. That way you know which service sold you to spammers, and you can prop up a filter to faithfully dispose of them.

Of course, like any of these services, it only works until the big baddies find out...

How about Vs. GMail? Ever heard of plus-addressing? I've been using it lately with great results.
myemail+anythingelse@gmail.com always goes straight to myemail@gmail.com, BUT with a distinct TO address.

I also use this whenever possible. Unfortunately, many web developers think that a "+" in an email address is not valid, even if used before the "@". Or maybe they are too lazy to develop rules that apply different checks for the part before the "@" and the part after, or whatever. The unfortunate fact is that many website registration systems simply won't accept emails like "myemail+anythingelse@gmail.com".

My favorite is to just have a catchall on my domain. Then when I signup for something, I use a descriptive address plus my domain. This allows me to not only get all the mail, I know who I gave it to, and who is selling/spamming. If they start to spam, I just turn it off or dev/null all mail to that address.

Caution! I tried this many years ago, on a suggestion from a slashdot comment, no less. Feeling impervious to spam, I used descriptive email addresses + my domain on web forms everywhere. It wasn't long before the spam started piling up... big time. 100s of spam messages a day, including dictionary attacks against the domain. I started using spam-assassin tools. The tools worked well, blocking ~95% of the spam, however, by that time I was approaching 1000 spam messages a day. I was still getting ~50

Eventually, the domain was getting hit with nearly 1500 spam messages a day, and I shut down my mail server service.

Greylisting [wikipedia.org] could clear that up in a jiffy. My server was getting a few thousand spams a day (peaked at over 2000 in an hour at one point). It was getting so that the machine was constanly churning spamassassin and not much else could get CPU. Worse: my filters/learning were getting poisoned. I installed greylisting and the problems all went away. If you aren't running your server ask your provider for it. Most server apps have a plugin or something similar for it nowadays.

This is what I do, and it worked great until spammers and worms started sending emails to random usernames at my domain, e.g. john@mydomain.com (my name ain't john), sue@mydomain.com (ain't sue either), etc.

Mod parent up - the "+" is quite unreliable. qmail uses a "-" for the mostly-same purpose.For those who think this strategy well-and-truly evaporates when companies realize it, think again.

Let me back up a step: There are three reasons to use such a strategy: Tracking (eg, to prevent them realizing that the same person registered at two sites when they control both) spam ( to prevent spam) and spam-tracking (to track who SENT you spam.)

This is very true, and the trick I use to get around it is the fact that gmail treats foobar@gmail.com the same as foo.bar@gmail.com or f.o.o.b.a.r@gmail.com. For sites I don't trust completely and who insist that + isn't valid, I use a different dot pattern, and if I start getting junk, I set up a filter. Works great.

That's almost the same as my strategy. I get everything at my domiain that is not destined for an existing user, so I sign up to each and every web service that requires an email address with @mydomain.comAgain, you can see almost immediately where dodgy email is coming from if they decide to do a little bit of a sell, or they have poor security around their email databases. I find however that 99.9% of the span I get (well, block - greylist milter FTW), the address is sourced from other people who have my

No one would ever figure out to strip everything after the plus before selling it to spammers. That would be far too difficult and wouldn't work for a large number of accounts.

The + address just lets you catch the ones that are accidentally leaking your address. Anyone being aggressive will have your real address. That way you won't have any of the spam that is periferally related to things that you are actually interested in, but you will get tons of Viagra and porn spam. Yay!!!

BEWARE of the "+" addressing of Gmail feature. I signed up for a MySpace account (bad idea) with my email "+signup" so I could immediately send all the ensuing crap to the garbage. A month later when I went to delete my MySpace account, they informed me they would send send me an email to confirm my delete. After doing this about 10 times, I realized I was never going to get the mail and I wondered why. I DUG IN a little and guess what I found out?....there stupid code was sending an email to "myemail

there is an odd privacy from spam.la, the privacy of crowds, much as there is a privacy you get from being on cctv at every step in a crowded city of millions that you do not get from being in a village. any message sent can be read by anyone; so although everyone can read your email, because it could be sent to anybody, it is, in a different way, private.it is very exciting that at the same time london police want microphones on street corners to complement cctv, i can set up an anonymous email address wit

What's the point of having an email address that's only around for a few minutes when you could just use a single throwaway email address for all of your registration needs. It doesn't expire, but since you only use it for registrations, it doesn't matter how much spam/cruft it accumulates.

I had a catholic.org email address i used for registration to sites that required email validation. It became unusable after 2 years. Its just nonstop spam to the point its hard to find the verification emails. Now i just use throw away gmail accounts.

Here's one point. Let's assume you use one email address for all of your registration needs, including forums (and shopping if you really want to drive this point home). Over time, that email address will be linked to a variety of sites, which together can be used to identify you. Of course, depending on how you use the sites connected to the email address, there may be nothing that can be used to get your actual identity or you may have used your name on a couple which leads people to you (or you might use your credit card on a shopping site). Now you, or your identity depending on how you want to look at it, is linked to that email. This probably isn't a big deal for most people. Now let's pretend you want to sign up on an Anarchists website, which is something I wouldn't recommend in the US right now, so now that email is linked to you and linked to anarchy. That might not be something you want. That example doesn't work for you? How about signing up for a porn site that requires email but no credit card? What about a torrent site? An email address that lasts only 10-minutes should make it harder for people to link things that you do back to you.

(Before anyone jumps down my throat, I said it "should make it harder" not impossible, and I didn't say that it makes it hard because I don't know the difficulty of doing such a thing. I just said it would be harder than using one email address for everything.)

Sooner or later he's going to have to enforce some sort of IP address logging, like most services of that type do.For instance, www.jetable.org, a french site along the lines of mailinator forwards given emaisl to your account for the specified duration, but it logs your IP address and the time you were on, in case it becomes essential to know who was whom in a legal case.With that info, it's *still* possible that a 10 minute email will lead back to you. Not just an email account, but an ISP account this ti

If the site needs to mail you something to complete the registration, you have to be able to read the email address - and having one address that collects a ton of crap makes it hard to read the email address and get that one mail you care about to complete the registration.

Yes, if the site wants an email address, but you don't need to receive any emails from the site to continue, give it "i_dont_want_spam@localhost", or "i_dont_want_spam@example.org"

What's the point of having an email address that's only around for a few minutes when you could just use a single throwaway email address for all of your registration needs.

One throwaway is the best way to go. What if you forget your password for one of the many sites you registered at? The 'I lost my password' function is worthless if there is no longer an address to retrieve it at.

Most of the people I know already keep a secondary address on gmail/hotmail, etc for this purpose.

This works, but things such as invites, forwards, e-cards that your friends send you with good intentions still mess things up. I had a good clean 3-year run with my last address, but lately it's just spiraled out of control.

I have my own domain and I can create an unlimited number of throwaway addresses. If they behave, I keep it active. If it starts getting spam, I know which business I can't trust and I direct it to/dev/null/

For example, if I were to register with slashdot, I could just use slashdot@mydomain.com

Well, it's a standard feature of sendmail, so there are a lot of other sites for which username+tag@domain will work.One drawback, though, is that you can run into insufficient email address validation. I've tried using that scheme on some sites which then complained that the address was invalid, beause their regex didn't take into account + as a valid character for the LHS.

On a related note, I've found with seeding spamtrap addresses that, more often than not, harvesting bots will see the + as a boundary,

It occurs to me that you could even have a REALLY public email address that passed through gmail's filters properly.The problem I have in mind is that I participate in (not just lurk on) several mailing lists. When I post, my email address is out there for spammers to find, eventually: gmane.org, among others, is a great place to harvest emails. What can I do about this? I actually want to get email on that address (the list itself) but I don't want spam to get through.

If you have your own domain (and I assume you control the mail server) you can just implement spam filtering and not bother juggling addresses. Start with Greylisting. I use the same address for everything and I barely get one spam a week.

Every site gets its own address. Not only do I not get spammed, but I know where it's coming from. I started it out expecting to catch some "reputable" site selling my e-mail address, but you know what? Most sites out there are very careful with your address, and take you off their list as soon as you tell them to. The only addresses I've had to delete are for porn sites.

This service shows how effectively promoting your service can really make a difference. While Mailinator has been around for a long time, somehow this 10minutemail has managed to get lots of exposure. I wonder did they really get all these mentions around the net just organically, or was there heavy promotion involved? If the success came organically, perhaps it's because 10minutemail is easier to understand. Just from the domain name it's easy to guess what the service is for.

I know of at least two different sites which give out disposable e-mail addresses so I don't really understand why this is newsworthy.

http://www.spamgourmet.com/ [spamgourmet.com]
You create an account and spamgourmet will bounce the mail to you. The syntax is: [word].[number of mails].[username]@spamgourmet.com. When the alloted number of e-mails has been used the mails will bounce unless you allow more through.

http://www.mailinator.com/ [mailinator.com]
You just make up a string of letters and use those letters to view the account at mailinator. This is a truly disposable mail address since the inbox is open to anyone who chooses to look at the account. If the information is semiimportant you should choose a pretty random mail address.

Yep, I was going to point out that Spam Gourmet [spamgourmet.com] has been doing this for years. Granted this is a different slat where the addresses expire in some period of time instead of some number of messages but they are roughly equivalent.

It's very convenient to use your regular mail client to read your "risky" mail, but still restrict it to e.g 3 mails for account verification.

There's an extra curiosity with it as well -- it can be used to detect which sites sell your address. Set it to cap at 5 mails, and if it keeps trickling in beyond the 1-2 mails, you know exactly which company originally sold it.

First, there are tons of other services that do this already. However, I personally am not very interested in expiring addresses; I frequently want to keep receiving mail at that address into the future (and some services simply don't allow you to update your email address, in which case you're screwed).Up until last year I've been using the popular (and open-source) Spamgourmet. It caps you at a max of 20 messages, though, so if you want to keep receiving mail at that address, you need to continually reset

I personally find Spamgourmet [spamgourmet.org] to be more interesting...

You sign up (yeah, I know, you have to trust them) and give out email addresses likemadeupkeyword.X.yourusername@spamgourmet.org
where X is the number of messages (up to 20) that you want to allow for a particular word.
Spamgourmet forwards X number of messages to your email, and then quietly destroys any further messages.

http://www.bugmenot.com/ [bugmenot.com] -- for when you need a username/pass to log into a particular free site (New York Times, AllMusic, etc.) but don't want to bother registering. Assumedly, this site will knock out half of your reasons to use these various quickie e-mail services. Enjoy!

I use these throwaway e-mail addresses quite a lot in testing various web applications (which often require unique e-mail addresses for each registration or whatever). A lot of people have already mentioned Mailinator, so I'll also mention 2Prong [2prong.com]. I came across it one day when Mailinator was down for whatever reason. It has a couple of things in its favor. First, it only uses a domain for two days before moving on to a different domain for throwaway e-mail addresses. So the likelihood of you ever finding the domain blocked is essentially nil. Second, it works completely automatically. All you do is copy/paste the e-mail address, use it, and then the page auto-refreshes when it gets the confirmation e-mail or whatever it is you're looking for. Nice and clean.

It will just be a matter of time before people that write forms make these email addresses not available to be registered with. I've seen some apps that already block some of the other fake email generators.

I just use a gmail adress for that. Login to the site and eneter my gmailadress houghi.spam@gmail.com, go to gmail and see if it already there. If not do a refresh.

No need for me to fill out some adress I have to look up or activate first. I also don't care how much spam I recieve on that adress, as long as I can see the mail arriving. If spam is so much active, I can just make a new gmail adress.

I wish there were a bot like Majordomo which would take a remote email address, generate a hash from it, create a new mailbox alias with the hash as its name, and send a message to the remote address notifying it of the new mailbox. With a note attached, either a default or one I specify when I trigger the process.Then I could generate addresses for each remote party with whom I correspond, and delete them. I could control whether an address bounces or just consumes mail later. I could expire the mailboxes

At least on my SBC Yahoo account I've been able to do so... you click the button and it creates a fake e-mail address that forwards to your real one and lets you send on behalf of it.. just delete it when you're done.

Yahoo provides throwaway addresses (addressguard) to paying subscribers. They last indefinitely and provide useful delivery options. I use this feature for sites I don't trust and for usenet to make it easier to sort out their spam. The old Yahoo mail interface would color code mail sent to different addressguard adresses. This isn't yet in the new interface unfortunately.

how hard is it to write a few extra lines of code that append an "s" to the word "message" only if you have MORE than one message???

This can be very hard if you want to expand your market beyond anglophone world, especially to users who speak languages that have ways of forming plurals other than something like the s-suffixation used in English. For instance, some nouns in English, German, Hebrew, Arabic, and Sindarin use what has been called an infix [wikipedia.org] or a simulfix [wikipedia.org]: goose > geese. Worse, languages may